nftables 預路由的鹽配置

我正在嘗試配置一個 nftables 規則，用於將流量從我的伺服器轉發到 LXC 容器，但是，dportnftables 不接受 salt states 模組呈現給定值的方式。我應該如何進行？

鹽配置：

kevin-container-web-port-http:
 nftables.append:
   - family: ip
   - table: nat
   - chain: PREROUTING
   - priority: 100
   - iif: eth0
   - dport: '80, 443'
   - proto: tcp
   - to: '10.0.3.32'
   - jump: dnat

輸出state.apply：

     ID: kevin-container-web-port-http
Function: nftables.append
 Result: False
Comment: Failed to set nftables rule for kevin-container-web-port-http.
         Attempted rule was tcp dport { 80, 443 } dnat for ip.
         Failed to add rule "tcp dport { 80, 443 } dnat" chain PREROUTING in table nat in family ip.
Started: 17:36:42.821866
Duration: 154.261 ms
Changes:

嘗試手動添加規則時：

$ nft add rule nat prerouting iif eth0 tcp dport 80 dnat 10.0.3.32
$ nft list table nat
table ip nat {
   chain PREROUTING {
       type nat hook prerouting priority -100; policy accept;
       iif "eth0" tcp dport { http, https } dnat to 10.0.3.32
   }

   ...

}

在廣泛閱讀 nftables 的手冊頁後，我決定嘗試在跳轉參數中添加 to 欄位。該配置適用於以下設置：

kevin-container-web-port-http:
 nftables.append:
   - family: ip
   - table: nat
   - chain: PREROUTING
   - iif: eth0
   - dport: 80
   - proto: tcp
   - jump: dnat to 10.0.3.32:80

引用自：https://serverfault.com/questions/993511